Description

When the ​email field related denial-of-service attack was patched the new code suddenly allowed email addresses to end with a '.' character. For example, according to the new regular expression 'test@test.com.' is a valid email address (please note the trailing period character).

I'm not convinced this should be closed. Although DNS should correctly resolve a domain with a trailing dot according to the specification (documented at the beginning of page 7 here ​http://www.ietf.org/rfc/rfc1034.txt) sending emails to addresses that end with a dot fails at least in my case. For example I tried sending an email to and from a google apps address of mine using thunderbird. I was sent back a Delivery Status Notification (Failure).

When trying to use EmailMultiAlternatives with a email address of this form, me@…. as an example, msg.send() breaks with the following error:
SMTPRecipientsRefused: {'me@….': (501, '<tedlittle5@….>: domain missing or malformed')}

#16310 was a duplicate. Note that this behaviour was introduced in changeset [11605], which itself was to fix a security issue where the email and url validation regular expressions could be exploited in public form submissions to cause a DOS. Therefore this should be treated very cautiously.

I haven't done enough research to confirm whether this is a genuine bug or not. However, this behaviour (i.e. trailing dots) doesn't seem to be tested at all. So I'm accepting this ticket on the basis that at the very least it needs some tests.

Please don't mark your own patch as RFC. It looks like this needs to be discussed as to whether we want to continue to allow email addresses that end with periods or not. If so, the test in the latest patch is a bit awkward (using both unittest.expectedFailure and assertFailsValidation).

We just had an SMTP exception from Exim because a user managed to enter his email address with a trailing dot. Probably he copied it from somewhere with a period at the end. This echoes what Josh C said, but I just want to confirm that Django's behaviour in this case caused us a real problem, so yeah, this is a genuine bug.